The Background
On 12 January 2024, I posted this challenge to conclude the week. I wanted to simulate the use of social media comments for command and control (C2). In this case I used steganography and a dead drop. Both are tradecraft that have been employed by intelligence entities for clandestine source operations such as for human intelligence or counterintelligence purposes.
This tradecraft can be used in many ways to include in cyberspace both for clandestine source operations and for cyberspace operations. In fact, there are examples of foreign intelligence entities using similar tradecraft for their intrusion operations. The use of social media posted content has been employed by, for example, cyber threats associated with the Foreign Intelligence Service (SVR) of the Russian Federation.
The Challenge
In the comments section you find a fairly off topic nonsensical comment. As a side note, I attempted numerous times to use a large language model (LLM) to produce a paragraph that met my needs, but it kept failing. I'm sure one could be tuned to do it.
I want to note that this comment on this video surely stands out, especially so due to the fact that I pointed you to this video in the context of capture-the-flag style challenges. However, you can imagine how you could increase the quality and placement that combined with casual observation would be glossed over. You can also imagine how common it is for enterprise users to be visiting video streaming sites solely to listen to music.
Going into the gauntlet . Everyone is nervous. Zones were assigned. Defense is set. One thing is for sure. Losers are going to wonder why. Realizing the time is near. Quiet down. Fear not. You can do this. You will do this. Cannot quit now. 4 more tries. Move more steady. Just keep trying. Success comes after you endure. Here is the answer. It is right in front of you. You just have to see it. Take your time. Almost there. May your resolve be strong. But most importantly you must remember. Quitting is for quitters.Midway through this, I wanted to hint and encourage people. For a person who has never been exposed to this sort of thing, this could be hard. I believe the 4 at the beginning of the sentence could be something you would pick up on. You decide to start by extracting the first character of each sentence:
This doesn't provide human readable content. However, we do notice we see only alphanumeric characters and all of the alphabetical characters are uppercase. This is a hint that it may be base32. We apply from base32 and we get an IPv4 address and port. In this case I decided to use a loopback address.
This string is the coupon code for a free Attribution Matters t-shirt. Thanks for playing everyone! The first person to solve was Andrew Northern.
Comments